Arbitrary file upload in CuteNews
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-11447 |
| CWE-ID | CWE-434 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
CuteNews Other software / Other software solutions |
| Vendor | CutePHP Team |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Arbitrary file upload
EUVDB-ID: #VU35981
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-11447
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated user to execute arbitrary code.
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
MitigationInstall update from vendor's website.
Vulnerable software versionsCuteNews: 2.1.2
External linkshttp://pentest.com.tr/exploits/CuteNews-2-1-2-Remote-Code-Execution-Metasploit.html
http://www.exploit-db.com/exploits/46698/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
